You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by su...@apache.org on 2018/09/13 12:17:30 UTC
hadoop git commit: YARN-8630. ATSv2 REST APIs should honor
filter-entity-list-by-user in non-secure cluster when ACls are enabled.
Contributed by Rohith Sharma K S.
Repository: hadoop
Updated Branches:
refs/heads/trunk e08462715 -> f4bda5e8e
YARN-8630. ATSv2 REST APIs should honor filter-entity-list-by-user in non-secure cluster when ACls are enabled. Contributed by Rohith Sharma K S.
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/f4bda5e8
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/f4bda5e8
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/f4bda5e8
Branch: refs/heads/trunk
Commit: f4bda5e8e9fee6c5a0dda7c79ef14e73aec20e7e
Parents: e084627
Author: Sunil G <su...@apache.org>
Authored: Thu Sep 13 17:47:02 2018 +0530
Committer: Sunil G <su...@apache.org>
Committed: Thu Sep 13 17:47:21 2018 +0530
----------------------------------------------------------------------
.../reader/TimelineReaderWebServices.java | 4 ++--
.../reader/TestTimelineReaderWebServicesBasicAcl.java | 11 ++++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
index b10b705..3a4ea2e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/main/java/org/apache/hadoop/yarn/server/timelineservice/reader/TimelineReaderWebServices.java
@@ -3532,9 +3532,9 @@ public class TimelineReaderWebServices {
static boolean checkAccess(TimelineReaderManager readerManager,
UserGroupInformation ugi, String entityUser) {
if (isDisplayEntityPerUserFilterEnabled(readerManager.getConfig())) {
- if (ugi != null && !validateAuthUserWithEntityUser(readerManager, ugi,
+ if (!validateAuthUserWithEntityUser(readerManager, ugi,
entityUser)) {
- String userName = ugi.getShortUserName();
+ String userName = ugi == null ? null : ugi.getShortUserName();
String msg = "User " + userName
+ " is not allowed to read TimelineService V2 data.";
throw new ForbiddenException(msg);
http://git-wip-us.apache.org/repos/asf/hadoop/blob/f4bda5e8/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
index 6651457..6ad4427 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-timelineservice/src/test/java/org/apache/hadoop/yarn/server/timelineservice/reader/TestTimelineReaderWebServicesBasicAcl.java
@@ -88,9 +88,14 @@ public class TestTimelineReaderWebServicesBasicAcl {
Assert.assertFalse(TimelineReaderWebServices
.validateAuthUserWithEntityUser(manager, null, user1));
- // true because ugi is null
- Assert.assertTrue(
- TimelineReaderWebServices.checkAccess(manager, null, user1));
+ // false because ugi is null in non-secure cluster. User must pass
+ // ?user.name as query params in REST end points.
+ try {
+ TimelineReaderWebServices.checkAccess(manager, null, user1);
+ Assert.fail("user1Ugi is not allowed to view user1");
+ } catch (ForbiddenException e) {
+ // expected
+ }
// incoming ugi is admin asking for entity owner user1
Assert.assertTrue(
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org